Tag Archives: Network Security

How To Secure Your Wireless Router

Utilizing a wireless network is cheap, convenient and can be a significant productivity boost to your company. It can also be a security disaster if it has been installed out of the box and left that way as wireless routers come with minimum security settings applied out of the box. What should you do to make sure your wireless router is secure? Here are the minimum actions you should take to ensure you are protected.

1. Change your administrative password. Nearly all wireless routers ship with a default or blank password out of the box. Need proof how easy it is for others to locate these default user name and password combinations for any router out there? Visit routerpasswords.com to check it out (note this is also a good method to recover your password if you have thrown out the documentation and ever have to do a hard reset of your wireless router). When setting the password be sure to follow our tips for creating a secure password.

Getting Started: To access the administrative login page for your wireless router you must use your web browser and navigate to the appropriate IP address. Reference your manual or try these common admin urls (while connected to your wireless network)

http://192.168.0.1/ (Dlink & Netgear)

http://192.168.1.1/ (Linksys)

If you are operating from a Windows machine you could also try Start>Run> cmd. Type ipconfig at the command line and locate the Default Gateway. This should be your wireless router admin location assuming you are connected from the wireless router. (if none of these work I recommend a google search for the type of wireless router you have and admin url, example: dlink and admin url).

2. Turn on encryption. It is estimated that over half of wireless networks are set to open status and that sounds about right. You can not afford to do that with your business or home network so I recommend at a minimum you utilize WEP encryption and preferably WPA or WPA2 if your device supports since they are more secure.

Max Size 128 bit WEP key = 26 characters

Max Size 256 bit WEP key = 58 characters

Max Size WPA passphrase = 63 characters

When setting encryption treat it like a password and never pick words or phrases that are easily guessable or in the dictionary. A good general rule is some encryption is better then none and longer keys are better then shorter ones. If your network is used by many individuals you likely will have to pick your own sweet spot  between usability and security.

3. Update the wireless router firmware – Vendors provide updates to increase functionality and eliminate security vulnerabilities. Failing to update to the most current levels could leave your wireless network vulnerable.

4. Change the Wireless Network SSID – It typically adds little in security but lowers the temptation for casual snoopers to dive deeper as many Internet freeloaders only look for default unprotected network setups.

5. Disable SSID broadcast – This is similar to step 4 in its value (mainly just adding some obscurity to your setup) but it can help keep out unskilled would be freeloaders.

6. Consider using MAC address filtering options if you have a relatively stable environment with few guests utilizing the network. It adds a lot to security but can be an administrative headache so make sure your going to do it right if you implement it.

7. Backup your wireless network configuration and save it to a location where it can be recovered if you are forced to do a restore. This step can save you a lot of hassle if you are ever forced to do a hard reset on your wireless router.

Feel free to post any questions you may have and I will do my best to assist.

Network Security – Get a firewall

No firewall is like playing with fire

Photo courtesy of http://www.flickr.com/photos/catsegovia/

Network security is one of the more technical subjects of an information security program but it is essential to your overall security health. Your network is your pathway to all of the essential business processes that happen to and from the outside world. The same connectivity that enables business also comes at a cost increased risk of suffering an information security incident if you do not implement firewall protection to prevent undesired traffic to your network. Security tests have shown that a computer directly on the Internet can be compromised in minutes even if it is configured with minimal functionality. Simply put running without a firewall is playing with fire. A secondary benefit of having a firewall is that it is a way to validate that your network is not part of a botnet that could be stealing your data or using you for other nefarious purposes. Regular review of firewall logs can help quickly detect if you have a problem that needs to be followed up on.

Technically a firewall can be either a hardware appliance or software that resides on a machine but for our purposes I will assume you plan to utilize a hardware appliance type firewall. The type of firewall that you should choose depends on the size of your organization and your protection requirements. That being said the general principle is that any firewall that is properly configured is better then none.

Some of the leading providers of appliance based firewalls include Cisco, Juniper, Check Point, and SonicWall. All of these companies offer models that can meet the needs of smaller operations all the way to large enterprises. A smaller company (without a present firewall) that gets Internet from a cable or dsl connection should consider an integrated wireless router/firewall model. These are often the same models utilized by home users and serve the purpose of separating the network from the Internet at an affordable price. Some of the vendors that specialize in this market include Linksys, Dlink, Netgear, and 3Com.

In the future, I will provide a more detailed review of firewalls and features but for now if you don’t have a firewall you don’t have time to wait. Get a firewall and get a little more secure.